Xss vulnerabilities and SQL injection